25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Texas Expands HIPAA Privacy Laws to Bolster EHR Security

Governor of Texas, Rick Perry, has signed a new law to give Texas residents even greater protection than required by the Health Insurance Portability and Accountability Act and has increased penalties for healthcare organizations that fail to implement the appropriate security measures to protect the health data of patients. Under the Health Information Technology for Economic and Clinical Health Act (HITECH), covered entities have a number of responsibilities including reporting data breaches to the Office for Civil Rights (OCR). Data breaches are reportable to the OCR, either in an end of year report or after an investigation, depending on the number of individuals affected. HIPAA places a number of restrictions on how ePHI is used and stored, and all covered entities are required to conduct a full risk analysis to assess systems for security vulnerabilities to allow risk to be managed. It also lays down the procedures that must be followed after a data breach, such as notifying potential victims. Covered organizations are also required to conduct an investigation into how a...

Read More
HIPAA Privacy Complaint Results in Federal Criminal Prosecution for First Time
Jul30

HIPAA Privacy Complaint Results in Federal Criminal Prosecution for First Time

For the first time, a HIPAA privacy complaint filed with the Department of Health and Human Services’ Office for Civil Rights (OCR) has resulted in federal criminal prosecution. A complaint was filed with OCR over an impermissible disclosure of a patient’s protected health information by a doctor. The doctor, Richard Alan Kaye of Suffolk, Va., was alleged to have shared PHI with the patient’s employer without consent from the patient – A violation of the HIPAA Privacy Rule. The case against Kaye has been referred to the Department of Justice, which has pressed charges. While OCR has referred more than 500 HIPAA violation cases in the past, this if the first time that an investigation of a privacy complaint has resulted in criminal prosecution. Kaye had previously worked at Sentara Obici Hospital in Suffolk, Va., as Medical Director of its Psychiatric Care Center. The patient had been enrolled in a mental health treatment program at the hospital and Kaye treated and subsequently discharged the patient. On discharge, Kaye stated that the patient was not a threat to the public....

Read More

UCLA Hospitals Receives $865K HIPAA Fine for Failing to Protect Celebrity Medical Records

The Department of Health and Human Services’ Office for Civil Rights has fined the UCLA Health System $865,500 for HIPAA violations caused by allowing the medical records of two celebrity patients to be accessed by non authorized personnel. The two patients affected by this security breach made complaints about hospital employees having improper access to their medical records and allege the hospital broke the law by failing to control access to their private data. The names of the complainants were not revealed by the OCR. HIPAA violations are alleged to have occurred at all three of the hospitals operated by UCLA Health System. According to a statement from Dale Tate, spokeswoman for UCLA, Ronald Reagan UCLA Medical Center, Santa Monica UCLA Medical Center and Orthopaedic Hospital and Resnick Neuropsychiatric Hospital are alleged to have violated the Health Insurance Portability and Accountability Act of 1996 with the security breaches that occurred between 2005 and 2009. During this period there were a number of instances of employees snooping and members and a number of members...

Read More

Criminal Charges Filed Against Alabama Woman for HIPAA Violations

A woman from Alabaster has been charged with stealing surgery schedules of patients containing names, dates of birth and social security numbers from the Trinity Medical Center in Birmingham, Ala. Chelsea Catherine Stewart did not work at the hospital, but visited a patient who was receiving treatment on numerous occasions between March 22 and April 8, 2011. During her visits Stewart also entered a patient registration area where she stole the records. In total she obtained over 4,500 patient records during her visits. The woman had some form. She was involved in an investigation into credit card fraud, and law enforcement officers had already obtained footage of her using stolen credit card to pay for goods. She is alleged to have taken the schedules for the information they contained with the intention of committing identity fraud. When law enforcement officers went to Stewart’s house on April 8, 2011, they discovered the surgery schedules along with notes written by Stewart which they referred to as an identity fraud “to do list.” All patients who are understood to have been...

Read More
Minnesota Hospital Fires 32 Over HIPAA Violations
May12

Minnesota Hospital Fires 32 Over HIPAA Violations

When employees violate patient privacy rights and access Protected Health Information without authorization, it usually results in the termination of that employee’s contract. However a hospital in Minnesota has recently fired 32 employees for widespread snooping on the health records of patients. Allina Hospitals and Clinics took action against employees in two hospitals in its network; the Mercy Hospital in Coon Rapids and the Unity Hospital in Fridley. The inappropriate access all related to patients who had been admitted in the same incident; a party in a neighboring town in which individuals had suffered drug overdoses. The party was in Blaine, and one patient died of a drug overdose and 11 more required hospital treatment. The incident was attributed to a synthetic drug that was supplied to the partygoers. An incident of this nature and scale naturally aroused the interest of hospital staff; however HIPAA Rules prevent doctors, nurses and other healthcare professionals from accessing the medical records of individuals out of curiosity. Medical records are private and can only...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist